CST-7113 Remote Code Execution using Web Content/DDM templates

Description

Liferay Portal 7.1.0 and earlier is vulnerable to remote code execution using Web Content/DDM templates.

Workaround: Review permissions and do not grant untrusted users permissions to create/edit Web Content/DDM templates.

Severity

Severity 1

Fixed Version(s)

Publication date: Wed, 26 Jun 2019 06:01:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.